In a statement, CNIL said: "The Council of State considered that by deducting this general prohibition from the GDPR, the CNIL had gone beyond what is legally possible with guidelines, which are an instrument of 'soft law'.
The Commission will have to take note of the Council of State's decision and will have to comply strictly with it. The guidelines will be adjusted to the strict extent necessary to draw the consequences of the decision of the Council of State.
Cookies are small text files that record internet users' online activity. The use of 'cookie walls' has proven controversial and attracted substantial scrutiny, with a number of data protection authorities across Europe issuing different guidelines on the topic, including in the UK and more recently in Ireland.
Binelli said that while the Council of State had endorsed most of the CNIL's cookies guidance, there was another aspect of the guide that it had taken issue with.
"On this point, the Council of State specifies that this requirement implies that, when the consent is given globally, it must be preceded by information specific to each of the purposes. The contested passage in the guidelines merely reiterates this requirement, without imposing on operators any particular technical modalities – whether global consent or purpose by purpose – for the collection of consent. The CNIL has said it will address this point in a new recommendation to be issued after September this year, with the Council of State requiring that this recommendation is only published following public consultation," she said.